General
Target: TAX.xlsb
Size: 10KB
Sample: 230403-atghpsdb7y
MD5: 1e1afc93c8092b2c7e49a6d3a451629f
SHA1: 081d3ab46a0641d952ca28eacc6d4ef3516fdfd0
SHA256: ea0923854208956b1f563c5301bd0c9a8561128b7bd48c5b475ddeea29da8a1c
SHA512: 5ca2f6827fc93c7645660d3f787c1d074596ecd90b5b7c03748f46def274dc1d4edb931251202a9c50fb925ba2c9dda855cd42a0c90d7c313f24aaa93823150d
SSDEEP: 192:F5ssEP3p0o7VhgmK05bVhvtrWNpUAWvXSRo1jdF:3ssGZ0o7VhVK+hvwNmvV
Behavioral task: behavioral1
Sample: TAX.xlsb
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: TAX.xlsb
Resource: win10v2004-20230220-en
Malware Config
Extracted: http://kilolo.site/raw.txt
Extracted: https://kilolo.site/raw.txt
Extracted: http://37.72.175.188:80/home
Targets
Target: TAX.xlsb
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request